OLD | NEW |
| (Empty) |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/ssl/security_state_model.h" | |
6 | |
7 #include "base/command_line.h" | |
8 #include "base/metrics/field_trial.h" | |
9 #include "base/metrics/histogram_macros.h" | |
10 #include "base/prefs/pref_service.h" | |
11 #include "chrome/browser/profiles/profile.h" | |
12 #include "chrome/common/chrome_constants.h" | |
13 #include "chrome/common/chrome_switches.h" | |
14 #include "chrome/common/pref_names.h" | |
15 #include "chrome/common/pref_names.h" | |
16 #include "content/public/browser/cert_store.h" | |
17 #include "content/public/browser/navigation_entry.h" | |
18 #include "content/public/browser/web_contents.h" | |
19 #include "content/public/common/origin_util.h" | |
20 #include "net/ssl/ssl_connection_status_flags.h" | |
21 | |
22 #if defined(OS_CHROMEOS) | |
23 #include "chrome/browser/chromeos/policy/policy_cert_service.h" | |
24 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h" | |
25 #endif | |
26 | |
27 DEFINE_WEB_CONTENTS_USER_DATA_KEY(SecurityStateModel); | |
28 | |
29 namespace { | |
30 | |
31 SecurityStateModel::SecurityLevel GetSecurityLevelForNonSecureFieldTrial() { | |
32 std::string choice = | |
33 base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII( | |
34 switches::kMarkNonSecureAs); | |
35 std::string group = base::FieldTrialList::FindFullName("MarkNonSecureAs"); | |
36 | |
37 // Do not change this enum. It is used in the histogram. | |
38 enum MarkNonSecureStatus { NEUTRAL, DUBIOUS, NON_SECURE, LAST_STATUS }; | |
39 const char kEnumeration[] = "MarkNonSecureAs"; | |
40 | |
41 SecurityStateModel::SecurityLevel level = SecurityStateModel::NONE; | |
42 MarkNonSecureStatus status; | |
43 | |
44 if (choice == switches::kMarkNonSecureAsNeutral) { | |
45 status = NEUTRAL; | |
46 level = SecurityStateModel::NONE; | |
47 } else if (choice == switches::kMarkNonSecureAsNonSecure) { | |
48 status = NON_SECURE; | |
49 level = SecurityStateModel::SECURITY_ERROR; | |
50 } else if (group == switches::kMarkNonSecureAsNeutral) { | |
51 status = NEUTRAL; | |
52 level = SecurityStateModel::NONE; | |
53 } else if (group == switches::kMarkNonSecureAsNonSecure) { | |
54 status = NON_SECURE; | |
55 level = SecurityStateModel::SECURITY_ERROR; | |
56 } else { | |
57 status = NEUTRAL; | |
58 level = SecurityStateModel::NONE; | |
59 } | |
60 | |
61 UMA_HISTOGRAM_ENUMERATION(kEnumeration, status, LAST_STATUS); | |
62 return level; | |
63 } | |
64 | |
65 scoped_refptr<net::X509Certificate> GetCertForSSLStatus( | |
66 const content::SSLStatus& ssl) { | |
67 scoped_refptr<net::X509Certificate> cert; | |
68 return content::CertStore::GetInstance()->RetrieveCert(ssl.cert_id, &cert) | |
69 ? cert | |
70 : nullptr; | |
71 } | |
72 | |
73 SecurityStateModel::SHA1DeprecationStatus GetSHA1DeprecationStatus( | |
74 scoped_refptr<net::X509Certificate> cert, | |
75 const content::SSLStatus& ssl) { | |
76 if (!cert || !(ssl.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT)) | |
77 return SecurityStateModel::NO_DEPRECATED_SHA1; | |
78 | |
79 // The internal representation of the dates for UI treatment of SHA-1. | |
80 // See http://crbug.com/401365 for details. | |
81 static const int64_t kJanuary2017 = INT64_C(13127702400000000); | |
82 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2017)) | |
83 return SecurityStateModel::DEPRECATED_SHA1_BROKEN; | |
84 static const int64_t kJanuary2016 = INT64_C(13096080000000000); | |
85 if (cert->valid_expiry() >= base::Time::FromInternalValue(kJanuary2016)) | |
86 return SecurityStateModel::DEPRECATED_SHA1_WARNING; | |
87 | |
88 return SecurityStateModel::NO_DEPRECATED_SHA1; | |
89 } | |
90 | |
91 SecurityStateModel::MixedContentStatus GetMixedContentStatus( | |
92 const content::SSLStatus& ssl) { | |
93 bool ran_insecure_content = false; | |
94 bool displayed_insecure_content = false; | |
95 if (ssl.content_status & content::SSLStatus::RAN_INSECURE_CONTENT) | |
96 ran_insecure_content = true; | |
97 if (ssl.content_status & content::SSLStatus::DISPLAYED_INSECURE_CONTENT) | |
98 displayed_insecure_content = true; | |
99 | |
100 if (ran_insecure_content && displayed_insecure_content) | |
101 return SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT; | |
102 if (ran_insecure_content) | |
103 return SecurityStateModel::RAN_MIXED_CONTENT; | |
104 if (displayed_insecure_content) | |
105 return SecurityStateModel::DISPLAYED_MIXED_CONTENT; | |
106 | |
107 return SecurityStateModel::NO_MIXED_CONTENT; | |
108 } | |
109 | |
110 SecurityStateModel::SecurityLevel GetSecurityLevelForRequest( | |
111 const GURL& url, | |
112 const content::SSLStatus& ssl, | |
113 Profile* profile, | |
114 scoped_refptr<net::X509Certificate> cert, | |
115 SecurityStateModel::SHA1DeprecationStatus sha1_status, | |
116 SecurityStateModel::MixedContentStatus mixed_content_status) { | |
117 switch (ssl.security_style) { | |
118 case content::SECURITY_STYLE_UNKNOWN: | |
119 return SecurityStateModel::NONE; | |
120 | |
121 case content::SECURITY_STYLE_UNAUTHENTICATED: { | |
122 if (!content::IsOriginSecure(url) && url.IsStandard()) | |
123 return GetSecurityLevelForNonSecureFieldTrial(); | |
124 return SecurityStateModel::NONE; | |
125 } | |
126 | |
127 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN: | |
128 return SecurityStateModel::SECURITY_ERROR; | |
129 | |
130 case content::SECURITY_STYLE_WARNING: | |
131 NOTREACHED(); | |
132 return SecurityStateModel::SECURITY_WARNING; | |
133 | |
134 case content::SECURITY_STYLE_AUTHENTICATED: { | |
135 #if defined(OS_CHROMEOS) | |
136 // Report if there is a policy cert first, before reporting any other | |
137 // authenticated-but-with-errors cases. A policy cert is a strong | |
138 // indicator of a MITM being present (the enterprise), while the | |
139 // other authenticated-but-with-errors indicate something may | |
140 // be wrong, or may be wrong in the future, but is unclear now. | |
141 policy::PolicyCertService* service = | |
142 policy::PolicyCertServiceFactory::GetForProfile(profile); | |
143 if (service && service->UsedPolicyCertificates()) | |
144 return SecurityStateModel::SECURITY_POLICY_WARNING; | |
145 #endif | |
146 | |
147 if (sha1_status == SecurityStateModel::DEPRECATED_SHA1_BROKEN) | |
148 return SecurityStateModel::SECURITY_ERROR; | |
149 if (sha1_status == SecurityStateModel::DEPRECATED_SHA1_WARNING) | |
150 return SecurityStateModel::NONE; | |
151 | |
152 // Active mixed content is downgraded to the BROKEN style and | |
153 // handled above. | |
154 DCHECK_NE(SecurityStateModel::RAN_MIXED_CONTENT, mixed_content_status); | |
155 DCHECK_NE(SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, | |
156 mixed_content_status); | |
157 // This should be kept in sync with | |
158 // |kDisplayedInsecureContentStyle|. That is: the treatment | |
159 // given to passive mixed content here should be expressed by | |
160 // |kDisplayedInsecureContentStyle|, which is used to coordinate | |
161 // the treatment of passive mixed content with other security UI | |
162 // elements outside of //chrome. | |
163 if (mixed_content_status == SecurityStateModel::DISPLAYED_MIXED_CONTENT) | |
164 return SecurityStateModel::NONE; | |
165 | |
166 if (net::IsCertStatusError(ssl.cert_status)) { | |
167 DCHECK(net::IsCertStatusMinorError(ssl.cert_status)); | |
168 return SecurityStateModel::NONE; | |
169 } | |
170 if (net::SSLConnectionStatusToVersion(ssl.connection_status) == | |
171 net::SSL_CONNECTION_VERSION_SSL3) { | |
172 // SSLv3 will be removed in the future. | |
173 return SecurityStateModel::SECURITY_WARNING; | |
174 } | |
175 if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert) | |
176 return SecurityStateModel::EV_SECURE; | |
177 return SecurityStateModel::SECURE; | |
178 } | |
179 } | |
180 | |
181 return SecurityStateModel::NONE; | |
182 } | |
183 | |
184 } // namespace | |
185 | |
186 const content::SecurityStyle | |
187 SecurityStateModel::kDisplayedInsecureContentStyle = | |
188 content::SECURITY_STYLE_UNAUTHENTICATED; | |
189 const content::SecurityStyle SecurityStateModel::kRanInsecureContentStyle = | |
190 content::SECURITY_STYLE_AUTHENTICATION_BROKEN; | |
191 | |
192 SecurityStateModel::SecurityInfo::SecurityInfo() | |
193 : security_level(SecurityStateModel::NONE), | |
194 sha1_deprecation_status(SecurityStateModel::NO_DEPRECATED_SHA1), | |
195 mixed_content_status(SecurityStateModel::NO_MIXED_CONTENT), | |
196 scheme_is_cryptographic(false), | |
197 cert_status(0), | |
198 cert_id(0), | |
199 security_bits(-1), | |
200 connection_status(0) {} | |
201 | |
202 SecurityStateModel::SecurityInfo::~SecurityInfo() {} | |
203 | |
204 SecurityStateModel::~SecurityStateModel() {} | |
205 | |
206 void SecurityStateModel::SecurityStateChanged() { | |
207 DCHECK(web_contents_); | |
208 content::NavigationEntry* entry = | |
209 web_contents_->GetController().GetVisibleEntry(); | |
210 if (!entry) | |
211 return; | |
212 | |
213 SecurityInfoForRequest( | |
214 entry->GetURL(), entry->GetSSL(), | |
215 Profile::FromBrowserContext(web_contents_->GetBrowserContext()), | |
216 &security_info_); | |
217 } | |
218 | |
219 const SecurityStateModel::SecurityInfo& SecurityStateModel::security_info() | |
220 const { | |
221 return security_info_; | |
222 } | |
223 | |
224 // static | |
225 void SecurityStateModel::SecurityInfoForRequest(const GURL& url, | |
226 const content::SSLStatus& ssl, | |
227 Profile* profile, | |
228 SecurityInfo* security_info) { | |
229 scoped_refptr<net::X509Certificate> cert = GetCertForSSLStatus(ssl); | |
230 security_info->cert_id = ssl.cert_id; | |
231 security_info->sha1_deprecation_status = GetSHA1DeprecationStatus(cert, ssl); | |
232 security_info->mixed_content_status = GetMixedContentStatus(ssl); | |
233 security_info->security_bits = ssl.security_bits; | |
234 security_info->connection_status = ssl.connection_status; | |
235 security_info->cert_status = ssl.cert_status; | |
236 security_info->scheme_is_cryptographic = url.SchemeIsCryptographic(); | |
237 | |
238 security_info->sct_verify_statuses.clear(); | |
239 for (const auto& sct : ssl.signed_certificate_timestamp_ids) { | |
240 security_info->sct_verify_statuses.push_back(sct.status); | |
241 } | |
242 | |
243 security_info->security_level = GetSecurityLevelForRequest( | |
244 url, ssl, profile, cert, security_info->sha1_deprecation_status, | |
245 security_info->mixed_content_status); | |
246 } | |
247 | |
248 SecurityStateModel::SecurityStateModel(content::WebContents* web_contents) | |
249 : web_contents_(web_contents) {} | |
OLD | NEW |